Пример #1
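def test_save_token(app):
    """Check that save_token() stores the exact token in blacklist_tokens."""
    token = 'test_token'
    with app.app_context():
        save_token(token)
        # Compare with '=' and a bound parameter instead of a formatted LIKE
        # pattern. In LIKE the '_' in 'test_token' is a single-character
        # wildcard, so the old query would also match a different stored
        # value; string-built SQL is also a habit that becomes injectable once
        # the value is not a constant.
        # NOTE(review): '?' assumes a qmark-style driver such as sqlite3 -
        # confirm against get_db().
        row = get_db().execute(
            "SELECT * FROM blacklist_tokens WHERE token = ?",
            (token,)).fetchone()
        assert row is not None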
Пример #2
 def refresh_token(request):
     """Swap the presented auth token for a new one and blacklist the old one.

     The token is read from the cookie named ``header_name`` and, failing
     that, from the request header of the same name. On success the new token
     is returned both in the JSON body and as an HttpOnly cookie.

     Returns a ``(dict, status)`` tuple on failure (401 for a missing token,
     a falsy decode result or an unknown user; 500 when no new token could be
     generated), otherwise the response object built by ``jsonify``.
     """
     presented = (request.cookies.get(header_name)
                  or request.headers.get(header_name))
     if not presented:
         return {
             'status': 'fail',
             'message': 'Provide a valid auth token.'
         }, 401

     # NOTE(review): whether decode_auth_token() consults the blacklist is not
     # visible here; if it does not, a token revoked at logout could still be
     # exchanged for a fresh one - confirm.
     decoded = User.decode_auth_token(presented)
     if not decoded:
         return {'status': 'fail', 'message': decoded}, 401

     user = find_user(decoded)
     if not user:
         return {'status': 'fail', 'message': 'Invalid user'}, 401

     fresh = user.encode_auth_token()
     if not fresh:
         return {
             'status': 'fail',
             'message': 'Could not generate auth token'
         }, 500

     # The replaced token is revoked only once its successor exists.
     save_token(token=presented)

     # assumes encode_auth_token() returns bytes - TODO confirm
     fresh_text = fresh.decode()
     response = jsonify({
         'status': 'success',
         'message': 'Successfully refreshed auth token.',
         header_name: fresh_text
     })
     # NOTE(review): the cookie is HttpOnly, but the same token is also in the
     # JSON body above, and no Secure/SameSite attribute is set here - confirm
     # both are intended or handled elsewhere.
     response.set_cookie(header_name, fresh_text, httponly=True)
     return response
Пример #3
def test_save_existing_token(app):
    """Saving the same token twice must leave exactly one blacklist row."""
    with app.app_context():
        for _ in range(2):
            save_token('test_token')
        # The count covers the whole table, so this presumably relies on the
        # fixture starting with an empty blacklist_tokens - verify.
        row = get_db().execute(
            "SELECT count(*) FROM blacklist_tokens").fetchone()
        assert row[0] == 1
Пример #4
    def logout_user(request):
        """Blacklist the presented auth token and blank its cookie.

        The token is read from the cookie named ``header_name`` and, failing
        that, from the request header of the same name.

        Returns a ``(dict, 403)`` tuple when no token is supplied, a
        ``(dict, 401)`` tuple when decoding does not yield a ``str``, and
        otherwise the response object built by ``jsonify``.
        """
        token = (request.cookies.get(header_name)
                 or request.headers.get(header_name))
        if not token:
            return {
                'status': 'fail',
                'message': 'Provide a valid auth token.'
            }, 403

        decoded = User.decode_auth_token(token)
        if not isinstance(decoded, str):
            # NOTE(review): the non-str decode result is echoed to the client
            # as the message - confirm it never carries internal detail.
            return {'status': 'fail', 'message': decoded}, 401

        # Revoke first, so the token is unusable even if the client keeps it.
        save_token(token=token)
        response = jsonify({
            'status': 'success',
            'message': 'Successfully logged out.'
        })
        # The cookie is overwritten with an empty value; no expiry is set here.
        response.set_cookie(header_name, '', httponly=True)
        return response
Пример #5
def test_check_blacklist(app):
    """check_blacklist() is True for a saved token and False for an unknown one."""
    with app.app_context():
        save_token('test_token')

        listed = check_blacklist('test_token')
        # Identity checks: the result must be a real bool, not just truthy.
        assert listed is True

        unlisted = check_blacklist('no_token')
        assert unlisted is False